Statewide Election Security Management Plan
InfoSENTRY researched and wrote a
security management plan for a Secretary of State’s Office in one of the
After working with staff in the Chief State Election Official’s office and consulting with county election officials, InfoSENTRY developed a comprehensive set of information security policies and procedures covering responsibilities for election system security policymaking, election security responsibilities, election system user authentication, physical access controls, election system Internet connections, and election information privacy and confidentiality.
InfoSENTRY based the security planning methodology on (1) State security planning guidelines, (2) the National Institutes of Standards and Testing’s “Guide for Developing Security Plans for Information Technology Systems,” and (3) BS7799/ISO17799 security management planning guidelines.
The security management plan for the State and county election information systems rested on a comprehensive risk assessment of both the statewide voter registration system and the planned statewide voting system. It included a detailed implementation plan, a security awareness plan, a security training plan, and a security communications plan for the state’s election information assets.
InfoSENTRY has experience working with international organizations, US Federal agencies, state and local governments, and corporations to bolster their physical, operational, and technical security capabilities.